package org.genntii.warehousesystem.config;


import jakarta.annotation.Resource;
import org.genntii.warehousesystem.filter.JWTAuthorizationFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import static org.springframework.security.config.Customizer.withDefaults;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Resource
    private JWTAuthorizationFilter jwtAuthorizationFilter;

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {

        httpSecurity.cors(withDefaults());

        httpSecurity.csrf(AbstractHttpConfigurer::disable);

        httpSecurity.formLogin(AbstractHttpConfigurer::disable);

        httpSecurity.authorizeHttpRequests(authorize->authorize
                // 用户接口
                .requestMatchers("/user/isRealName").hasAuthority("ROLE_USER")
                .requestMatchers("/user/realName").hasAuthority("ROLE_USER")
                .requestMatchers("/user/isBank").hasAuthority("ROLE_USER")
                .requestMatchers("/user/bank").hasAuthority("ROLE_USER")
                .requestMatchers("/user/tel").hasAuthority("ROLE_USER")
                .requestMatchers("/user/isTel").hasAuthority("ROLE_USER")
                .requestMatchers("/user/test").hasAuthority("ROLE_USER")
                .requestMatchers("/user/addressUpdate").hasAuthority("ROLE_USER")
                // 仓库接口
                .requestMatchers("warehouse/v1/**").hasAuthority("ROLE_SUPER_ADMIN")
                .requestMatchers("warehouse/findSameCity").hasAuthority("ROLE_USER")
                // 员工接口
                .requestMatchers("/employee/v1/**").hasAuthority("ROLE_SUPER_ADMIN")
                .requestMatchers("employee/login").permitAll()
                // 货品类型接口
                .requestMatchers("type/v1/**").hasAnyAuthority("ROLE_SUPER_ADMIN","ROLE_EMPLOYEE")
                .requestMatchers("type/getType").hasAuthority("ROLE_USER")
                // 品牌接口
                .requestMatchers("/brand/v1/**").hasAnyAuthority("ROLE_SUPER_ADMIN","ROLE_EMPLOYEE")
                .requestMatchers("/brand/getBrand").hasAuthority("ROLE_USER")
                // 货品接口
                .requestMatchers("/goods/v1/**").hasAnyAuthority("ROLE_SUPER_ADMIN","ROLE_EMPLOYEE")
                .requestMatchers("/goods/list","/goods/search","/goods/details").hasAuthority("ROLE_USER")
                // 用户收货地址接口
                .requestMatchers("/userAddress/**").hasAuthority("ROLE_USER")
                // 货品类型关联接口
                .requestMatchers("/goodsType/v1/**").hasAnyAuthority("ROLE_SUPER_ADMIN","ROLE_EMPLOYEE")
                .requestMatchers("/goodsType/getTypesByGoods","/goodsType/findGoodsByType").hasAuthority("ROLE_USER")
                // 购物车接口
                .requestMatchers("/cart/**").hasAuthority("ROLE_USER")
                // 订单接口
                .requestMatchers("/goodsOrder/v1/**").hasAnyAuthority("ROLE_SUPER_ADMIN","ROLE_EMPLOYEE")
                .requestMatchers("/goodsOrder/list","/goodsOrder/create","goodsOrder/statusUpdate").hasAuthority("ROLE_USER")
                // 库存接口
                .requestMatchers("/goodsWarehouse/v1/**").hasAnyAuthority("ROLE_SUPER_ADMIN","ROLE_EMPLOYEE")
                .requestMatchers("/goodsWarehouse/selectGoods8Warehouse","/goodsWarehouse/list").hasAuthority("ROLE_USER")

                //TODO 将swagger接口文档设置认证权限
                .anyRequest().permitAll());

        httpSecurity.addFilterBefore(jwtAuthorizationFilter, UsernamePasswordAuthenticationFilter.class);

        httpSecurity.logout(logout->logout
                .logoutUrl("/user/v1/logout")
                .logoutSuccessHandler(((request, response, authentication) -> SecurityContextHolder.clearContext())));

        return httpSecurity.build();

    }

}
